CVE-2024-35832 is a vulnerability identified in the Linux kernel specifically affecting the bcachefs filesystem implementation. The issue arises from improper memory deallocation in the snapshot management code. In detail, the bch_fs::snapshots structure is allocated using kvzalloc in the __snapshot_t_mut function but is incorrectly freed using kfree instead of kvfree during the bch2_fs_snapshots_exit cleanup routine. This mismatch in memory management functions leads to a kernel page fault when unmounting the filesystem, as demonstrated by the provided kernel oops log. The fault occurs because kfree is not suitable for freeing memory allocated by kvzalloc, resulting in an attempt to access invalid memory addresses and causing a supervisor read access fault in kernel mode. The kernel panic trace shows the failure occurs during the umount operation, specifically in the bch2_fs_release function of the bcachefs module. This vulnerability can cause system instability or crashes when unmounting bcachefs filesystems, potentially leading to denial of service conditions. Since this bug is triggered by unmounting snapshots, it requires that the bcachefs filesystem is in use and snapshots are being managed. There is no indication of privilege escalation or remote code execution, but the kernel crash can disrupt system availability. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability was published on May 17, 2024, and affects Linux kernel versions containing the specified commit hashes. The root cause is a developer error in memory management within the kernel's bcachefs code path.

For European organizations, the primary impact of CVE-2024-35832 is on system stability and availability where Linux systems utilize the bcachefs filesystem, particularly in environments that rely on snapshot functionality and frequent mount/unmount operations. This could affect data centers, cloud providers, and enterprises using Linux servers for storage solutions that incorporate bcachefs. A kernel crash during unmount operations could lead to service interruptions, potential data loss if unclean unmounts occur, and increased operational overhead due to system reboots and troubleshooting. While this vulnerability does not appear to allow unauthorized access or data breaches directly, the denial of service impact could disrupt critical business applications and services. Organizations with high availability requirements or those running virtualized environments (e.g., QEMU-based VMs as indicated in the log) might experience more pronounced effects. Additionally, since bcachefs is a relatively new and advanced filesystem, organizations experimenting with or deploying it in production should be particularly cautious. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or potential future exploitation if attackers develop methods to trigger the fault remotely or escalate impact.

To mitigate CVE-2024-35832, organizations should apply the official Linux kernel patches that correct the memory deallocation mismatch by replacing kfree with kvfree in the bcachefs snapshot cleanup code. Until patches are applied, administrators should avoid unmounting bcachefs filesystems with active snapshots or limit the use of snapshot features to reduce the risk of triggering the fault. Monitoring kernel logs for oops or page fault messages related to bcachefs can help detect attempts to exploit or accidentally trigger the bug. Additionally, implementing robust backup and recovery procedures for systems using bcachefs is advisable to minimize data loss risk from unexpected crashes. For environments using virtualization, ensure that guest and host kernels are updated to prevent cascading failures. Organizations should also consider disabling bcachefs if it is not essential or replacing it with more mature filesystems until the vulnerability is fully remediated. Finally, maintain close coordination with Linux distribution vendors for timely patch releases and security advisories.